hush package
A Python library that helps manage secrets.
Uses the secret management tools (e.g. pass) specified by (internal and external) plugin hooks.
- class Hush(namespace=(), *, user=None)[source]
Bases:
object
Hush class to constrain context of get_secret() function.
Can be used as an alternative to calling this module’s global
get_secret()
function directly.- Parameters
namespace (
Iterable
[str
]) –user (
Optional
[str
]) –
- get_secret(key, namespace=(), *, user=None)[source]
Given a
key
, retrive a secret.Note
The
namespace
argument, if provided, will be used to extend the namespace specified when initializing this class.The
user
argument, if provided, will override the user specified when initializing this class.
Refer to
help(hush.get_secret)
for more information.- Parameters
key (
str
) –namespace (
Iterable
[str
]) –user (
Optional
[str
]) –
- Return type
Optional
[str
]
- get_secret(key, namespace=(), *, user=None)[source]
Given a
key
, retrieve a secret.This function attempts to use every secret-retrieving method registered by plugins (internal and external) to obtain the desired secret.
- Parameters
key (
str
) – The key that corresponds to the secret we are hoping to retrieve.namespace (
Iterable
[str
]) – The namespace that the secret belongs to (e.g. [“db”, “foobar”]). How this argument is used is specific to the tool being used to store and retrieve secrets (i.e. is specific to each hook implementation).user (
Optional
[str
]) – If this argument is provided, secret retrieving commands are run asuser
when possible. This option defaults to the value of the HUSH_USER envvar, if defined.
- Return type
Optional
[str
]- Returns
The secret value returned by the first plugin to successfully retrieve the desired secret.
OR
None, if none of the registered plugins were able to retrieve the desired secret.